RubyGems - active_storage_validations - Versions diffs - 1.3.0 → 1.3.2 - Mend

active_storage_validations 1.3.0 → 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '09b483aef23513aaf10b56c6df6046078bf14e93fcfdebe2e82f2db862b85514'
-  data.tar.gz: d040c36c24fc1fb2b4d1a2e6bb92bde86521cedfda4b4e96436a10b364499f63
+  metadata.gz: 6e1145fabe1ee64e7f7033a38c5b1de1114b364e5e2d9eb010628afde0a3e0b3
+  data.tar.gz: 497b550e5d98bf96e4398969de34022b8e8f828003a620261909a6d39e349aff
 SHA512:
-  metadata.gz: eb6df31c0374b1bfa804281f0effbaa0443ff6a812abd4a46e1ac4293a881e691fd5c61cd4c2622b027085acb3d10c14255f04cac3bab01f13f133d2f26c60af
-  data.tar.gz: b5553a4a7a2f08542c8e6f9dd928b0cc78a09eb846f73346dcdec1b3826bb4a5f04ac200c21e6e2f0f58f6dcc173f226a04e7a2c85d7c15a24b5b827bfb04dcb
+  metadata.gz: b671b5b33834ff904de1dea6dca51bfd741eaf2e10d931896a6fc4ff9ff83fc213f1581d59c562a806640cdc7a10537fa5ddb240051152ff38b5933ea7c7dc33
+  data.tar.gz: 381da6fbfb0fa544357bc492cfc9535992097ed7118846bae62f1b1953e5058f7b1bbc389ebd0dd8543fb035edaba55cee34a8c73a1b4fa84fc2ffc3e8bf9654

data/README.md CHANGED Viewed

@@ -91,9 +91,10 @@ Marcel::MimeType.extend "application/ino", extensions: %w(ino), parents: "text/p
 ```
 **Content type spoofing protection**
 File content type spoofing happens when an ill-intentioned user uploads a file which hides its true content type by faking its extension and its declared content type value. For example, a user may try to upload a `.exe` file (application/x-msdownload content type) dissimulated as a `.jpg` file (image/jpeg content type).
-By default, the gem does not prevent content type spoofing (prevent it by default is a breaking change that will be implemented in v2). The spoofing protection relies on both the linux `file` command and `Marcel` gem.
+By default, the gem does not prevent content type spoofing (prevent it by default is a breaking change that will be implemented in v2). The spoofing protection relies on both the linux `file` command and `Marcel` gem. Be careful, since it needs to load the whole file io to perform the analysis, it will use a lot of RAM for very large files. Therefore it could be a wise decision not to enable it in this case.
 Take note that the `file` analyzer will not find the exactly same content type as the ActiveStorage blob (its content type detection relies on a different logic using content+filename+extension). To handle this issue, we consider a close parent content type to be a match. For example, for an ActiveStorage blob which content type is `video/x-ms-wmv`, the `file` analyzer will probably detect a `video/x-ms-asf` content type, this will be considered as a valid match because these 2 content types are closely related. The correlation mapping is based on `Marcel::TYPE_PARENTS`.
@@ -202,7 +203,6 @@ en:
       aspect_ratio_not_portrait: "must be a portrait image"
       aspect_ratio_not_landscape: "must be a landscape image"
       aspect_ratio_is_not: "must have an aspect ratio of %{aspect_ratio}"
-      aspect_ratio_unknown: "has an unknown aspect ratio"
       image_not_processable: "is not a valid image"
 ```
@@ -221,7 +221,8 @@ aspect_ratio_is_not: "must be a %{aspect_ratio} image"
 ### Content type
 The `content_type_invalid` key has three variables that you can use:
-- `content_type` containing the content type of the sent file
+- `content_type` containing the exact content type of the sent file
+- `human_content_type` containing a more user-friendly version of the sent file content type (e.g. 'TXT' for 'text/plain')
 - `authorized_types` containing the list of authorized content types
 - `filename` containing the current file name
@@ -436,10 +437,11 @@ Then you can use the matchers with the syntax specified in the RSpec section, ju
 To run tests in root folder of gem:
-* `BUNDLE_GEMFILE=gemfiles/rails_6_1_4.gemfile bundle exec rake test` to run for Rails 6.1.4
+* `BUNDLE_GEMFILE=gemfiles/rails_6_1_4.gemfile bundle exec rake test` to run for Rails 7.0
 * `BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle exec rake test` to run for Rails 7.0
-* `BUNDLE_GEMFILE=gemfiles/rails_7_1.gemfile bundle exec rake test` to run for Rails 7.0
-* `BUNDLE_GEMFILE=gemfiles/rails_next.gemfile bundle exec rake test` to run for Rails main branch
+* `BUNDLE_GEMFILE=gemfiles/rails_7_1.gemfile bundle exec rake test` to run for Rails 7.1
+* `BUNDLE_GEMFILE=gemfiles/rails_7_2.gemfile bundle exec rake test` to run for Rails 7.2
+* `BUNDLE_GEMFILE=gemfiles/rails_8_0.gemfile bundle exec rake test` to run for Rails 8.0
 Snippet to run in console:
@@ -447,11 +449,13 @@ Snippet to run in console:
 BUNDLE_GEMFILE=gemfiles/rails_6_1_4.gemfile bundle
 BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle
 BUNDLE_GEMFILE=gemfiles/rails_7_1.gemfile bundle
-BUNDLE_GEMFILE=gemfiles/rails_next.gemfile bundle
+BUNDLE_GEMFILE=gemfiles/rails_7_2.gemfile bundle
+BUNDLE_GEMFILE=gemfiles/rails_8_0.gemfile bundle
 BUNDLE_GEMFILE=gemfiles/rails_6_1_4.gemfile bundle exec rake test
 BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle exec rake test
 BUNDLE_GEMFILE=gemfiles/rails_7_1.gemfile bundle exec rake test
-BUNDLE_GEMFILE=gemfiles/rails_next.gemfile bundle exec rake test
+BUNDLE_GEMFILE=gemfiles/rails_7_2.gemfile bundle exec rake test
+BUNDLE_GEMFILE=gemfiles/rails_8_0.gemfile bundle exec rake test
 ```
 Tips:

data/config/locales/da.yml CHANGED Viewed

@@ -29,5 +29,4 @@ da:
       aspect_ratio_not_portrait: "skal være et portrætbillede"
       aspect_ratio_not_landscape: "skal være et landskabsbillede"
       aspect_ratio_is_not: "skal have et størrelsesforhold på %{aspect_ratio}"
-      aspect_ratio_unknown: "har et ukendt størrelsesforhold"
       image_not_processable: "er ikke et gyldigt billede"

data/config/locales/de.yml CHANGED Viewed

@@ -29,5 +29,4 @@ de:
       aspect_ratio_not_portrait: "muss Hochformat sein"
       aspect_ratio_not_landscape: "muss Querformat sein"
       aspect_ratio_is_not: "muss ein Bildseitenverhältnis von %{aspect_ratio} haben"
-      aspect_ratio_unknown: "hat ein unbekanntes Bildseitenverhältnis"
       image_not_processable: "ist kein gültiges Bild"

data/config/locales/en.yml CHANGED Viewed

@@ -29,5 +29,4 @@ en:
       aspect_ratio_not_portrait: "must be a portrait image"
       aspect_ratio_not_landscape: "must be a landscape image"
       aspect_ratio_is_not: "must have an aspect ratio of %{aspect_ratio}"
-      aspect_ratio_unknown: "has an unknown aspect ratio"
       image_not_processable: "is not a valid image"

data/config/locales/es.yml CHANGED Viewed

@@ -29,5 +29,4 @@ es:
       aspect_ratio_not_portrait: "debe ser una imagen vertical"
       aspect_ratio_not_landscape: "debe ser una imagen apaisada"
       aspect_ratio_is_not: "debe tener una relación de aspecto de %{aspect_ratio}"
-      aspect_ratio_unknown: "tiene una relación de aspecto desconocida"
       image_not_processable: "no es una imagen válida"

data/config/locales/fr.yml CHANGED Viewed

@@ -29,5 +29,4 @@ fr:
       aspect_ratio_not_portrait: "doit être une image en format portrait"
       aspect_ratio_not_landscape: "doit être une image en format paysage"
       aspect_ratio_is_not: "doit avoir un rapport hauteur / largeur de %{aspect_ratio}"
-      aspect_ratio_unknown: "a un rapport d'aspect inconnu"
       image_not_processable: "n'est pas une image valide"

data/config/locales/it.yml CHANGED Viewed

@@ -29,5 +29,4 @@ it:
       aspect_ratio_not_portrait: "l’orientamento dell’immagine deve essere verticale"
       aspect_ratio_not_landscape: "l’orientamento dell’immagine deve essere orizzontale"
       aspect_ratio_is_not: "deve avere un rapporto altezza / larghezza di %{aspect_ratio}"
-      aspect_ratio_unknown: "ha un rapporto altezza / larghezza sconosciuto"
       image_not_processable: "non è un'immagine valida"

data/config/locales/ja.yml CHANGED Viewed

@@ -29,5 +29,4 @@ ja:
       aspect_ratio_not_portrait: "は縦長にしてください"
       aspect_ratio_not_landscape: "は横長にしてください"
       aspect_ratio_is_not: "のアスペクト比は %{aspect_ratio} にしてください"
-      aspect_ratio_unknown: "のアスペクト比を取得できませんでした"
       image_not_processable: "は不正な画像です"

data/config/locales/nl.yml CHANGED Viewed

@@ -29,5 +29,4 @@ nl:
       aspect_ratio_not_portrait: "moet een staande afbeelding zijn"
       aspect_ratio_not_landscape: "moet een liggende afbeelding zijn"
       aspect_ratio_is_not: "moet een beeldverhouding hebben van %{aspect_ratio}"
-      aspect_ratio_unknown: "heeft een onbekende beeldverhouding"
       image_not_processable: "is geen geldige afbeelding"

data/config/locales/pl.yml CHANGED Viewed

@@ -29,5 +29,4 @@ pl:
       aspect_ratio_not_portrait: "musi mieć proporcje portretu"
       aspect_ratio_not_landscape: "musi mieć proporcje pejzażu"
       aspect_ratio_is_not: "musi mieć proporcje %{aspect_ratio}"
-      aspect_ratio_unknown: "ma nieokreślone proporcje"
       image_not_processable: "nie jest prawidłowym obrazem"

data/config/locales/pt-BR.yml CHANGED Viewed

@@ -29,5 +29,4 @@ pt-BR:
       aspect_ratio_not_portrait: "não está no formato retrato"
       aspect_ratio_not_landscape: "não está no formato paisagem"
       aspect_ratio_is_not: "não contém uma proporção de %{aspect_ratio}"
-      aspect_ratio_unknown: "não tem uma proporção definida"
       image_not_processable: "não é uma imagem válida"

data/config/locales/ru.yml CHANGED Viewed

@@ -29,5 +29,4 @@ ru:
       aspect_ratio_not_portrait: "должно быть портретное изображение"
       aspect_ratio_not_landscape: "должно быть пейзажное изображение"
       aspect_ratio_is_not: "должен иметь соотношение сторон %{aspect_ratio}"
-      aspect_ratio_unknown: "имеет неизвестное соотношение сторон"
       image_not_processable: "не является допустимым изображением"

data/config/locales/sv.yml CHANGED Viewed

@@ -29,5 +29,4 @@ sv:
       aspect_ratio_not_portrait: "måste vara en porträttorienterad bild"
       aspect_ratio_not_landscape: "måste vara en landskapsorienterad bild"
       aspect_ratio_is_not: "måste ha en följande aspect ratio  %{aspect_ratio}"
-      aspect_ratio_unknown: "har en okänd aspect ratio"
       image_not_processable: "är inte en giltig bild"

data/config/locales/tr.yml CHANGED Viewed

@@ -29,5 +29,4 @@ tr:
       aspect_ratio_not_portrait: "dikey bir imaj olmalı"
       aspect_ratio_not_landscape: "yatay bir imaj olmalı"
       aspect_ratio_is_not: "%{aspect_ratio} en boy oranına sahip olmalı"
-      aspect_ratio_unknown: "bilinmeyen en boy oranı"
       image_not_processable: "geçerli bir imaj değil"

data/config/locales/uk.yml CHANGED Viewed

@@ -29,5 +29,4 @@ uk:
       aspect_ratio_not_portrait: "мусить бути портретне зображення"
       aspect_ratio_not_landscape: "мусить бути пейзажне зображення"
       aspect_ratio_is_not: "мусить мати співвідношення сторін %{aspect_ratio}"
-      aspect_ratio_unknown: "має невідоме співвідношення сторін"
       image_not_processable: "не є допустимим зображенням"

data/config/locales/vi.yml CHANGED Viewed

@@ -29,5 +29,4 @@ vi:
       aspect_ratio_not_portrait: "phải là ảnh đứng"
       aspect_ratio_not_landscape: "phải là ảnh ngang"
       aspect_ratio_is_not: "phải có tỉ lệ ảnh %{aspect_ratio}"
-      aspect_ratio_unknown: "tỉ lệ ảnh không xác định"
       image_not_processable: "không phải là ảnh"

data/config/locales/zh-CN.yml CHANGED Viewed

@@ -29,5 +29,4 @@ zh-CN:
       aspect_ratio_not_portrait: "必须是竖屏图片"
       aspect_ratio_not_landscape: "必须是横屏图片"
       aspect_ratio_is_not: "纵横比必须是 %{aspect_ratio}"
-      aspect_ratio_unknown: "未知的纵横比"
       image_not_processable: "不是有效的图像"

data/lib/active_storage_validations/aspect_ratio_validator.rb CHANGED Viewed

@@ -1,16 +1,17 @@
 # frozen_string_literal: true
-require_relative 'concerns/active_storageable.rb'
-require_relative 'concerns/errorable.rb'
-require_relative 'concerns/metadatable.rb'
-require_relative 'concerns/symbolizable.rb'
+require_relative 'shared/active_storageable'
+require_relative 'shared/attachable'
+require_relative 'shared/errorable'
+require_relative 'shared/optionable'
+require_relative 'shared/symbolizable'
 module ActiveStorageValidations
   class AspectRatioValidator < ActiveModel::EachValidator # :nodoc
     include ActiveStorageable
+    include Attachable
     include Errorable
-    include Metadatable
-    include OptionProcUnfolding
+    include Optionable
     include Symbolizable
     AVAILABLE_CHECKS = %i[with].freeze
@@ -22,7 +23,6 @@ module ActiveStorageValidations
       aspect_ratio_not_portrait
       aspect_ratio_not_landscape
       aspect_ratio_is_not
-      aspect_ratio_unknown
     ].freeze
     PRECISION = 3.freeze
@@ -40,48 +40,63 @@ module ActiveStorageValidations
     private
     def is_valid?(record, attribute, attachable, metadata)
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
-      errors_options = initialize_error_options(options, attachable)
-      if metadata[:width].to_i <= 0 || metadata[:height].to_i <= 0
-        errors_options[:aspect_ratio] = flat_options[:with]
+      flat_options = set_flat_options(record)
-        add_error(record, attribute, :image_metadata_missing, **errors_options)
-        return false
-      end
+      return if image_metadata_missing?(record, attribute, attachable, flat_options, metadata)
       case flat_options[:with]
-      when :square
-        return true if metadata[:width] == metadata[:height]
-        errors_options[:aspect_ratio] = flat_options[:with]
-        add_error(record, attribute, :aspect_ratio_not_square, **errors_options)
-      when :portrait
-        return true if metadata[:height] > metadata[:width]
-        errors_options[:aspect_ratio] = flat_options[:with]
-        add_error(record, attribute, :aspect_ratio_not_portrait, **errors_options)
-      when :landscape
-        return true if metadata[:width] > metadata[:height]
-        errors_options[:aspect_ratio] = flat_options[:with]
-        add_error(record, attribute, :aspect_ratio_not_landscape, **errors_options)
-      when ASPECT_RATIO_REGEX
-        flat_options[:with] =~ ASPECT_RATIO_REGEX
-        x = $1.to_i
-        y = $2.to_i
-        return true if x > 0 && y > 0 && (x.to_f / y).round(PRECISION) == (metadata[:width].to_f / metadata[:height]).round(PRECISION)
-        errors_options[:aspect_ratio] = "#{x}:#{y}"
-        add_error(record, attribute, :aspect_ratio_is_not, **errors_options)
-      else
-        errors_options[:aspect_ratio] = flat_options[:with]
-        add_error(record, attribute, :aspect_ratio_unknown, **errors_options)
-        return false
+      when :square then validate_square_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      when :portrait then validate_portrait_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      when :landscape then validate_landscape_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      when ASPECT_RATIO_REGEX then validate_regex_aspect_ratio(record, attribute, attachable, flat_options, metadata)
       end
     end
+    def image_metadata_missing?(record, attribute, attachable, flat_options, metadata)
+      return false if metadata[:width].to_i > 0 && metadata[:height].to_i > 0
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:aspect_ratio] = flat_options[:with]
+      add_error(record, attribute, :image_metadata_missing, **errors_options)
+      true
+    end
+    def validate_square_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      return if metadata[:width] == metadata[:height]
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:aspect_ratio] = flat_options[:with]
+      add_error(record, attribute, :aspect_ratio_not_square, **errors_options)
+    end
+    def validate_portrait_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      return if metadata[:width] < metadata[:height]
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:aspect_ratio] = flat_options[:with]
+      add_error(record, attribute, :aspect_ratio_not_portrait, **errors_options)
+    end
+    def validate_landscape_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      return if metadata[:width] > metadata[:height]
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:aspect_ratio] = flat_options[:with]
+      add_error(record, attribute, :aspect_ratio_not_landscape, **errors_options)
+    end
+    def validate_regex_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      flat_options[:with] =~ ASPECT_RATIO_REGEX
+      x = $1.to_i
+      y = $2.to_i
+      return if x > 0 && y > 0 && (x.to_f / y).round(PRECISION) == (metadata[:width].to_f / metadata[:height]).round(PRECISION)
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:aspect_ratio] = "#{x}:#{y}"
+      add_error(record, attribute, :aspect_ratio_is_not, **errors_options)
+    end
     def ensure_at_least_one_validator_option
       unless AVAILABLE_CHECKS.any? { |argument| options.key?(argument) }
         raise ArgumentError, 'You must pass :with to the validator'

data/lib/active_storage_validations/attached_validator.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
-require_relative 'concerns/active_storageable.rb'
-require_relative 'concerns/errorable.rb'
-require_relative 'concerns/symbolizable.rb'
+require_relative 'shared/active_storageable'
+require_relative 'shared/errorable'
+require_relative 'shared/symbolizable'
 module ActiveStorageValidations
   class AttachedValidator < ActiveModel::EachValidator # :nodoc:

data/lib/active_storage_validations/base_size_validator.rb CHANGED Viewed

@@ -1,14 +1,15 @@
 # frozen_string_literal: true
-require_relative 'concerns/active_storageable.rb'
-require_relative 'concerns/errorable.rb'
-require_relative 'concerns/symbolizable.rb'
+require_relative 'shared/active_storageable'
+require_relative 'shared/errorable'
+require_relative 'shared/optionable'
+require_relative 'shared/symbolizable'
 module ActiveStorageValidations
   class BaseSizeValidator < ActiveModel::EachValidator # :nodoc:
     include ActiveStorageable
     include Errorable
-    include OptionProcUnfolding
+    include Optionable
     include Symbolizable
     delegate :number_to_human_size, to: ActiveSupport::NumberHelper

data/lib/active_storage_validations/content_type_spoof_detector.rb CHANGED Viewed

@@ -1,18 +1,20 @@
 # frozen_string_literal: true
-require_relative 'concerns/loggable'
+require_relative 'shared/attachable'
+require_relative 'shared/loggable'
 require 'open3'
 module ActiveStorageValidations
   class ContentTypeSpoofDetector
     class FileCommandLineToolNotInstalledError < StandardError; end
+    include Attachable
     include Loggable
-    def initialize(record, attribute, file)
+    def initialize(record, attribute, attachable)
       @record = record
       @attribute = attribute
-      @file = file
+      @attachable = attachable
     end
     def spoofed?
@@ -27,60 +29,22 @@ module ActiveStorageValidations
     private
     def filename
-      @filename ||= @file.blob.present? && @file.blob.filename.to_s
+      @filename ||= attachable_filename(@attachable).to_s
     end
     def supplied_content_type
-      # We remove potential mime type parameters
-      @supplied_content_type ||= @file.blob.present? && @file.blob.content_type.downcase.split(/[;,\s]/, 2).first
+      @supplied_content_type ||= attachable_content_type(@attachable)
     end
     def io
-      @io ||= case @record.public_send(@attribute)
-              when ActiveStorage::Attached::One then get_io_from_one
-              when ActiveStorage::Attached::Many then get_io_from_many
-              end
-    end
-    def get_io_from_one
-      attachable = @record.attachment_changes[@attribute.to_s].attachable
-      case attachable
-      when ActionDispatch::Http::UploadedFile
-        attachable.read
-      when String
-        blob = ActiveStorage::Blob.find_signed!(attachable)
-        blob.download
-      when ActiveStorage::Blob
-        attachable.download
-      when Hash
-        attachable[:io].read
-      end
-    end
-    def get_io_from_many
-      attachables = @record.attachment_changes[@attribute.to_s].attachables
-      if attachables.all? { |attachable| attachable.is_a?(ActionDispatch::Http::UploadedFile) }
-        attachables.find do |uploaded_file|
-          checksum = ActiveStorage::Blob.new.send(:compute_checksum_in_chunks, uploaded_file)
-          checksum == @file.checksum
-        end.read
-      elsif attachables.all? { |attachable| attachable.is_a?(String) }
-        # It's only possible to pass one String as attachable (not an array of String)
-        blob = ActiveStorage::Blob.find_signed!(attachables.first)
-        blob.download
-      elsif attachables.all? { |attachable| attachable.is_a?(ActiveStorage::Blob) }
-        attachables.find { |blob| blob == @file.blob }.download
-      elsif attachables.all? { |attachable| attachable.is_a?(Hash) }
-        # It's only possible to pass one Hash as attachable (not an array of Hash)
-        attachables.first[:io].read
-      end
+      @io ||= attachable_io(@attachable)
     end
+    # Return the content_type found by Open3 analysis.
+    #
+    # Using Open3 is a better alternative than Marcel (Marcel::MimeType.for(io))
+    # for analyzing content type solely based on the file io.
     def content_type_from_analyzer
-      # Using Open3 is a better alternative than Marcel (Marcel::MimeType.for(io))
-      # for analyzing content type solely based on the file io
       @content_type_from_analyzer ||= open3_mime_type_for_io
     end